CVE-2022-34295

MEDIUM

totd <1.5.3 - Info Disclosure

Title source: llm

Description

totd before 1.5.3 does not properly randomize mesg IDs.

References (4)

[Vendor Advisory] https://www.usenix.org/conference/usenixsecurity22/presentation/jeitner

[Exploit, Technical Description, Third Party Advisory] http://www.hit.bme.hu/~lencse/publications/JCST-Apr14-2.pdf

[Patch, Third Party Advisory] https://github.com/fwdillema/totd/commit/afd8a10a6a21f82a70940d1b43cff48143250399

View Patch ZIP pw:eip

[Patch, Release Notes, Third Party Advisory] https://github.com/fwdillema/totd/releases/tag/1.5.3

Scores

CVSS v3 6.5

EPSS 0.0037

EPSS Percentile 58.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-330

Status published

Products (1)

totd_project/totd < 1.5.3

Published Jun 23, 2022

Tracked Since Feb 18, 2026